Digital identifiers (Digital IDs), also known as digital certificates, can be used to validate the identity of the author of an electronic document. They can also be used to help protect messages by adding a unique code to the message called a digital signature. A digitally signed message proves to the recipient that you, not an imposter, signed the contents of the message, and that the contents haven't been altered in transit.
Digital signature ensures the authenticity of a document. They are a vital part of business transactions today because: (a) they establish a trust relationship between recipient of a digital document and the author—to be sure that a specific document was indeed created by a specific person or entity and that was not modified; (b) they provide an irrevocable legal proof regarding the author of a document.
Signed document are being used today for contracts, invoices, and so forth. Without using digital signatures there is no way to validate electronic transactions.
Specific sample file formats that support digital signatures are PDF documents, and Microsoft office documents.
Signing certificate—To create a digital signature, you need a signing certificate, which proves identity. When you send a digitally-signed macro or document, you also send your certificate and public key. Certificates are issued by a certification authority. A certificate is usually valid for a year, after which, the signer must renew, or get a new, signing certificate to establish identity.
Certificate authority (CA)—A certificate authority is an entity similar to a notary public. It issues digital certificates, signs certificates to verify their validity and tracks which certificates have been revoked or have expired.
Digital Signature Assurance
The following terms and definitions show what assurances are provided by digital signatures: (a) Authenticity The signer is confirmed as the signer; (b) Integrity The content has not been changed or tampered with since it was digitally signed; (c) Non-repudiation Proves to all parties the origin of the signed content. Repudiation refers to the act of a signer denying any association with the signed content; and (d) Notarization Signatures in Microsoft Word, Microsoft Excel, or Microsoft PowerPoint files, which are time stamped by a secure time-stamp server, under certain circumstances, have the validity of a notarization
To make these assurances, the content creator must digitally sign the content by using a signature that satisfies the following criteria: (a) The digital signature is valid; (b) The certificate associated with the digital signature is current (not expired); and (c) The signing person or organization, known as the publisher, is trusted.
It should be noted that signed documents, which have a valid time stamp, are considered to have valid signatures, regardless of the age of the signing certificate.
The certificate associated with the digital signature is issued to the signing publisher by a reputable certificate authority (CA).